PT-2023-31873 · Wasmer · Wasmer

Yagehu

Publicado

2023-12-13

Atualizado

2024-01-03

CVE-2023-51661

CVSS v3.1

8.4

Alta

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wasmer versions prior to 4.2.4

Description The issue affects Wasmer, a WebAssembly runtime, allowing Wasm programs to access the filesystem outside of the sandbox. This can lead to service providers running untrusted Wasm code on Wasmer unexpectedly exposing the host filesystem.

Recommendations For versions prior to 4.2.4, update to version 4.2.4 to resolve the issue. As a temporary workaround, consider restricting access to untrusted Wasm code until the update is applied.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2023-51661

GHSA-4MQ4-7RW3-VM5J

Produtos afetados

Wasmer

PT-2023-31873 · Wasmer · Wasmer

CVE-2023-51661

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11